Helping people with computers... one answer at a time.
The SSID identifies your wireless access point to any computers in range. Having a unique one is helpful, but hiding it is only marginally more secure.
I always hear “CHANGE THE SSID” on your home router. There are two parts to the SSID, correct? The network name and the network password to connect. I realize that the password needs to be changed from the default of admin or whatever, but are people still suggesting that the SSID network name be changed as well? I can see changing the network name to something other than “Linksys” so that you know that it's yours, but why does it matter if others can see this name? All that matters is changing the SSID password, correct?
•
Well, to begin with, a couple of concepts have gotten confused in your question.
There's no such thing as an "SSID password". The SSID is simply the identifier that a Wifi access point can broadcast to let you know that it exists.
The SSID can be changed, and there are good reasons to do so. Broadcasting the SSID can also be disabled, but whether that actually helps anything is debatable.
And finally, this isn't really a router thing because there are routers that have no wireless capabilities and thus, they have no SSID to worry about. This is really a wireless access point thing - whether that access point is a separate device or combined with a router in a single package.
•
That password thing
Even though it's completely unrelated to the SSID, let's first deal with the password issue.
As outlined in How do I secure my router?, there are actually two passwords that you need to concern yourself with:
-
The password used to gain administrative access to the router's configuration
-
The password used as part of WPA encryption used to secure your wireless connections
You should change the first one from its default. Otherwise, anyone with access to your network can reconfigure your router. I have heard of malware that can do exactly that if you leave the password unchanged.
You should add the second - WPA encryption - if you have not. Otherwise, anyone within range can possibly "listen in" on your wireless data.
But neither really have anything to do with SSID.
Change the SSID
You'll need to access your router's configuration to alter these settings. Exactly how you do that varies from router-to-router, so check your router's documentation for instructions.
My example uses a LinkSys WAP54G wireless access point, which is a device separate from my router.
In its configuration, I navigate to the Wireless tab, Basic Wireless Settings page:
Everything that we want to look at is on this page in this access point.
The Network Name (SSID) usually defaults to something that is the same for every one of the access points or routers made by the same manufacturer. Typically, that's the manufacturer's name - LinkSys, in this case.
As you can see, I've changed that to something else:
I've named this access point "NOTENLAN-FR", something that clearly identifies this particular access point and the network to which I have it attached.
You can choose pretty much any name that you like. I've seen SSIDs called things like "Fluffy Bunny" or "Connect here for malware" - the later being a semi-facetious way of telling strangers not to try to connect. (With WPA enabled, they would not be able to anyway, unless they had the proper password.)
But as you've pointed out, it is good to set it to something unique, so that you don't accidentally connect to some other access point and questionable network with the same name as yours.
Broadcasting the SSID
There's a diversity of opinion on whether or not it's helpful to not broadcast your SSID.
As you can see above, mine is set to broadcast.
What does that mean? It means that it shows up in lists like this one:
The available networks there are those whose SSIDs are being broadcast by wireless access points in range.
If you disable the broadcast of the SSID, the wireless network does not appear here. You can still connect to it manually if you know the SSID (and WPA password, if appropriate), but it won't show up in these types of lists automatically.
Broadcasting the SSID and security
There's a misconception that not broadcasting the SSID makes your wireless network more secure.
That's actually only partly true.
If the SSID isn't being broadcast, your wireless network won't show in those "nearby networks" lists. It's a form of security by obscurity in that it keeps your neighbors or anyone else within range from connecting accidentally or otherwise.
However.
It's not really secure. Your network is still technically visible; the packets going to and from your access point can still be intercepted and interpreted. It's slightly more difficult, but still quite possible. Disabling the SSID broadcast doesn't really protect your network from someone who's knowledgeable and intent on connecting.
You still need that WPA password to do that.
So, disable the broadcast or not. Just realize what security you are and more importantly are not getting when you do so.
Article C5049 - January 21, 2012 « »
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
February 27, 2012 4:09 PM
I echo the comment made by Art Yaffe:
I hadn't thought of this FACT until recently. I have turned my SSID broadcast back on at home and UNchecked the "Connect even if the network is not broadcasting its name (SSID)" property in the "Manage Wireless Networks" Control Panel.
March 5, 2012 7:22 AM
The other method of securing a wireless network that I use on top of the WPA password is that I have to manually add the MAC address for computers that can use my network. This is on a Linksys WAG160N modem router
March 5, 2012 8:03 AM
Why do we think James Bond is going to drive his Masserati to our driveway and start his high tech hacking? Won't even he look for a visible SSID and use it instead? The whole contention that not broadcasting the SSID seems stupid to me.
Really protecting your home network should consist of three layers, none of them including WEP or WPA, which are also stupid placebos.
1. Turn off SSID broadcast. If they don't know you're there, they won't even try to log on. Your neighbor broadcasts his and they won't even think to ignore that and look for hidden ones. Who are we fooling anyway?
2. Engage your MAC address whitelist, STUPID!!! Tell your router which computers belong on your network. The others have to buzz off. The list isn't accessible because you've changed the name of your SSID and have a secure administrative password for the router. Yes, it's possible to use brute force to get in. No it won't happen anytime soon.
3. Now initiate and use your router's logging capability to log entries to your network. You can check it once in awhile just to make sure nobody you don't authorize gets in. They won't. This is just to make you feel good and prove my point.
In order not to be eaten by the bear, you don't have to be the fastest runner, just the second slowest.
March 5, 2012 8:11 AM
Darn, I wish this primitive site let you edit posts. For my post above it should say "The whole contention that not broadcasting the SSID does not enhance security seems stupid to me."
Later, where it mentions changing the SSID and administrative password of the router, it should be logon name, of course.
January 9, 2013 4:30 PM
@Steve
please tell me where you live. I am very interested in using your 'secure' wireless network for free internet.
Also @ Mark J
While WPA provides better security than WEP, this security protocol was only put in place while WPA2 was being developed. WPA will maybe add an extra 3 minutes defence at best.
Still very easy for someone to bypass with the correct know how.
And since your comment was posted 6 years after the release of WPA2 I'm hoping you have adopted that method of securing your network as it provides much higher security... but still crackable